ConfiMsg encrypts your messages in the browser with AES-256-GCM before they ever leave your device. The server stores ciphertext only. After the recipient reads it — it's gone.
The Problem
Privnote has been around since 2008 — and so has its architecture. Your message is stored on their server in a format the service can technically access. In 2019, security researchers documented a fraudulent Privnote clone intercepting messages in transit. The real Privnote offers no client-side encryption.
For passwords, API keys, legal content, healthcare data, or anything genuinely sensitive, trusting a server you don't control is a structural risk — not a theoretical one. A data breach, a legal demand, a rogue employee: any of these can expose messages you assumed were private.
The only safe model is one where the server never has the key. That's zero-knowledge — and it's what ConfiMsg was built on from day one.
How ConfiMsg Solves This
The AES-256-GCM key is generated in your browser and appended to the link as a URL fragment — never sent to our server. Mathematically impossible for us to decrypt.
When the link is opened, the encrypted blob is deleted from the database immediately — before the message is even decrypted. One read, then it's gone for good.
Send files alongside your message. Attachments are encrypted in-browser with the same key before upload. Your documents stay private end-to-end.
No email, no registration, no identity. We don't know who sent what to whom — because we have no way to find out. Use it and leave no trace.
How It Works
Type your message (and attach files if needed). ConfiMsg encrypts everything locally in your browser using a randomly generated AES-256-GCM key.
You receive a unique one-time URL. The decryption key lives only in the URL fragment — invisible to servers, routers, and our own infrastructure.
When your recipient opens the link, the ciphertext is deleted from the server. Decryption happens locally in their browser. No second chance to read it.
Use Cases
Any time you're sending information that shouldn't outlive the conversation.
Sending credentials over Slack or email creates a permanent, searchable record. ConfiMsg delivers the secret once — and the link expires immediately after.
Attorneys, paralegals, and clients can exchange sensitive case details without leaving a paper trail on either party's email server.
Deliver temporary access credentials, SSO setup links, or severance details privately — without CC'ing the wrong person or clogging inboxes.
Share test results, referral notes, or insurance data with a level of confidentiality that email cannot provide by design.
Bank routing numbers, wire instructions, and account identifiers sent once — then gone. Zero exposure window after the recipient reads the message.
Say what needs to be said — to a friend, a partner, or a colleague — without it living forever in a server log somewhere you can't control.
Why It Matters
AES-256-GCM (Advanced Encryption Standard, 256-bit key, Galois/Counter Mode) is the encryption algorithm used by the U.S. government for Top Secret data, by TLS 1.3 for HTTPS traffic, and by every major cloud provider for data at rest.
The 256-bit key means there are 2²⁵⁶ possible keys — roughly 10⁷⁷. Brute-forcing it with every computer on Earth would take longer than the age of the universe. The GCM mode adds authenticated encryption: any tampering with the ciphertext is detected and rejected before decryption.
What matters for ConfiMsg: this algorithm runs entirely inside your browser via the Web Crypto API. The key is generated locally, used locally, and appended to the share URL as a #fragment — a part of the URL that browsers never send to servers. The server receives and stores only the ciphertext, which is useless without the key.
Key Concepts
Plain-language definitions for the technical concepts that separate secure tools from ones that merely look secure.
A system design in which the service provider has no technical ability to access user data — not because of policy, but because they never receive the decryption key. Even if compelled by a court order or breached by an attacker, the provider has nothing useful to hand over.
Encryption that happens on the user's device (in the browser) before data is transmitted. The opposite is server-side encryption, where the server encrypts your data using a key it also controls — providing confidentiality against third parties but not against the server itself.
Messages designed to exist for a limited time or a single read event, after which they are permanently destroyed. True ephemerality requires deletion at the storage layer — not just hiding a message from the UI while the data remains on disk.
The portion of a URL after the # symbol. By HTTP specification, browsers never include the fragment in requests sent to servers. ConfiMsg uses this to transmit the decryption key to the recipient's browser without the key ever touching a server or appearing in server logs.
Encryption where only the communicating parties — sender and intended recipient — can read the messages. Unlike transport encryption (HTTPS), E2EE means the service provider in the middle cannot decrypt content even if they wanted to. ConfiMsg applies this model to asynchronous one-time messages.
Ready to switch?
No account. No email. No tracking. Just a secure link that disappears after reading.
FAQ
No — and this is not a policy claim, it's a cryptographic guarantee. The decryption key is generated in your browser and placed in the URL #fragment. Fragments are never sent to HTTP servers by browsers. We receive only ciphertext. Without the key, the ciphertext is computationally indistinguishable from random noise. Even under a legal subpoena, we have nothing to hand over.
ConfiMsg uses AES-256-GCM — the same algorithm trusted by financial institutions, governments, and major cloud providers. GCM (Galois/Counter Mode) provides both confidentiality and authenticated integrity, meaning any tampering with the ciphertext is detectable. The key is generated via window.crypto.getRandomValues(), the browser's cryptographically secure RNG.
The moment a recipient opens the link, ConfiMsg sends a deletion request to the server before returning the ciphertext. The encrypted blob is removed from the database. Even if someone intercepts the URL and opens it after the first read, they receive a "message not found" response. There is no copy anywhere.
Yes. Files are encrypted client-side using the same AES-256-GCM key before being uploaded. The server stores an encrypted blob; it has no visibility into the file type, name, or contents. File attachments are supported without an account — just attach in the message composer before generating your link.
It's one of the primary use cases. Sharing credentials over email or Slack leaves a permanent audit trail. ConfiMsg leaves nothing — no server-side record of plaintext, and the message is destroyed after the recipient reads it. For one-time credential handoffs to colleagues, clients, or onboarding flows, it's a significant security improvement over any plaintext channel.